Vulnerability in the Linux kernel and the FreeBSD kernel on AMD64 and AuthenticAMD processors (CVE-2006-1056)
CVSS v2.0 severity:
LOW
Type:
CWE-310
Cryptographic Issues
Publication date:
20/04/2006
Last modified:
03/04/2025
Description
The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running on AMD64 and other 7th and 8th generation AuthenticAMD processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one process to determine portions of the floating point instruction state of other processes, which can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant way that was not addressed by the kernels.
Impact
Base score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | To |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.16.8 (including) | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:* | | |
For the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
- http://kb.vmware.com/kb/2533126
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
- http://lwn.net/Alerts/180820/
- http://marc.info/?l=linux-kernel&m=114548768214478&w=2
- http://secunia.com/advisories/19715
- http://secunia.com/advisories/19724
- http://secunia.com/advisories/19735
- http://secunia.com/advisories/20398
- http://secunia.com/advisories/20671
- http://secunia.com/advisories/20716
- http://secunia.com/advisories/20914
- http://secunia.com/advisories/21035
- http://secunia.com/advisories/21136
- http://secunia.com/advisories/21465
- http://secunia.com/advisories/21983
- http://secunia.com/advisories/22417
- http://secunia.com/advisories/22875
- http://secunia.com/advisories/22876
- http://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt
- http://securitytracker.com/id?1015966=
- http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
- http://www.debian.org/security/2006/dsa-1097
- http://www.debian.org/security/2006/dsa-1103
- http://www.novell.com/linux/security/advisories/2006-05-31.html
- http://www.osvdb.org/24746
- http://www.osvdb.org/24807
- http://www.redhat.com/support/errata/RHSA-2006-0437.html
- http://www.redhat.com/support/errata/RHSA-2006-0575.html
- http://www.redhat.com/support/errata/RHSA-2006-0579.html
- http://www.securityfocus.com/archive/1/431341
- http://www.securityfocus.com/archive/1/451404/100/0/threaded
- http://www.securityfocus.com/archive/1/451417/100/200/threaded
- http://www.securityfocus.com/archive/1/451419/100/200/threaded
- http://www.securityfocus.com/archive/1/451421/100/0/threaded
- http://www.securityfocus.com/bid/17600
- http://www.ubuntu.com/usn/usn-302-1
- http://www.vmware.com/download/esx/esx-213-200610-patch.html
- http://www.vmware.com/download/esx/esx-254-200610-patch.html
- http://www.vupen.com/english/advisories/2006/1426
- http://www.vupen.com/english/advisories/2006/1475
- http://www.vupen.com/english/advisories/2006/2554
- http://www.vupen.com/english/advisories/2006/4353
- http://www.vupen.com/english/advisories/2006/4502
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25871
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995



